From 1d4bfc34c09296734aa896b21bd4c792ffb9de09 Mon Sep 17 00:00:00 2001
From: Thijs Kinkhorst <thijs@kinkhorst.com>
Date: Wed, 14 Sep 2022 16:25:11 +0200
Subject: [PATCH] Keep the ACS url as it was in 1.19. (#1698)

But implement it in a way that still does not require any legacy
www scripts.
---
 docs/simplesamlphp-artifact-idp.md            |  4 ++--
 docs/simplesamlphp-hok-idp.md                 |  4 ++--
 docs/simplesamlphp-idp.md                     |  4 ++--
 metadata-templates/saml20-sp-remote.php       |  4 ++--
 modules/core/docs/authproc_attributelimit.md  |  8 ++++----
 modules/saml/routing/routes/routes.yaml       | 10 ++--------
 modules/saml/src/Auth/Source/SP.php           | 10 +++++-----
 tests/modules/saml/src/Auth/Source/SPTest.php |  4 ++--
 8 files changed, 21 insertions(+), 27 deletions(-)

diff --git a/docs/simplesamlphp-artifact-idp.md b/docs/simplesamlphp-artifact-idp.md
index 4cf783f03..e32713413 100644
--- a/docs/simplesamlphp-artifact-idp.md
+++ b/docs/simplesamlphp-artifact-idp.md
@@ -70,12 +70,12 @@ In general, that should look something like:
 'AssertionConsumerService' => [
     [
         'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
-        'Location' => 'https://sp.example.org/simplesaml/module.php/saml/sp/assertionConsumerService/default-sp',
+        'Location' => 'https://sp.example.org/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp',
         'index' => 0,
     ],
     [
         'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
-        'Location' => 'https://sp.example.org/simplesaml/module.php/saml/sp/assertionConsumerService/default-sp',
+        'Location' => 'https://sp.example.org/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp',
         'index' => 2,
     ],
 ],
diff --git a/docs/simplesamlphp-hok-idp.md b/docs/simplesamlphp-hok-idp.md
index 1b4908bdc..d11463a08 100644
--- a/docs/simplesamlphp-hok-idp.md
+++ b/docs/simplesamlphp-hok-idp.md
@@ -66,12 +66,12 @@ In general, this should look like the following code:
 'AssertionConsumerService' => [
     [
         'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
-        'Location' => 'https://sp.example.org/simplesaml/module.php/saml/sp/assertionConsumerService/default-sp',
+        'Location' => 'https://sp.example.org/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp',
         'index' => 0,
     ],
     [
         'Binding' => 'urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser',
-        'Location' => 'https://sp.example.org/simplesaml/module.php/saml/sp/assertionConsumerService/default-sp',
+        'Location' => 'https://sp.example.org/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp',
         'index' => 4,
     ],
 ],
diff --git a/docs/simplesamlphp-idp.md b/docs/simplesamlphp-idp.md
index 0a26891e1..1dd173ce5 100644
--- a/docs/simplesamlphp-idp.md
+++ b/docs/simplesamlphp-idp.md
@@ -182,8 +182,8 @@ This is a minimal example of a `metadata/saml20-sp-remote.php` metadata file for
 <?php
 
 $metadata['https://sp.example.org/simplesaml/module.php/saml/sp/metadata.php/default-sp'] = [
-    'AssertionConsumerService' => 'https://sp.example.org/simplesaml/module.php/saml/sp/assertionConsumerService/default-sp',
-    'SingleLogoutService' => 'https://sp.example.org/simplesaml/module.php/saml/sp/singleLogoutService/default-sp',
+    'AssertionConsumerService' => 'https://sp.example.org/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp',
+    'SingleLogoutService' => 'https://sp.example.org/simplesaml/module.php/saml/sp/saml2-logout.php/default-sp',
 ];
 ```
 
diff --git a/metadata-templates/saml20-sp-remote.php b/metadata-templates/saml20-sp-remote.php
index 0343d311f..2461bf62d 100644
--- a/metadata-templates/saml20-sp-remote.php
+++ b/metadata-templates/saml20-sp-remote.php
@@ -10,8 +10,8 @@
  * Example SimpleSAMLphp SAML 2.0 SP
  */
 $metadata['https://saml2sp.example.org'] = [
-    'AssertionConsumerService' => 'https://saml2.example.org/module.php/saml/sp/assertionConsumerService/default-sp',
-    'SingleLogoutService' => 'https://saml2sp.example.org/module.php/saml/sp/singleLogoutService/default-sp',
+    'AssertionConsumerService' => 'https://saml2.example.org/module.php/saml/sp/saml2-acs.php/default-sp',
+    'SingleLogoutService' => 'https://saml2sp.example.org/module.php/saml/sp/saml2-logout.php/default-sp',
 ];
 
 /*
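Review bot: The example `AssertionConsumerService` location on the rewritten line uses host `saml2.example.org`, while the entity ID and the `SingleLogoutService` location in the same entry use `saml2sp.example.org`. The mismatch predates this commit but is carried over unchanged. An IdP delivers assertions only to the registered ACS location, and this template is likely to be copied as a starting point, so the sample should be self-consistent: `'AssertionConsumerService' => 'https://saml2sp.example.org/module.php/saml/sp/saml2-acs.php/default-sp',`.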
diff --git a/modules/core/docs/authproc_attributelimit.md b/modules/core/docs/authproc_attributelimit.md
index 34274cc12..7a27bbe7f 100644
--- a/modules/core/docs/authproc_attributelimit.md
+++ b/modules/core/docs/authproc_attributelimit.md
@@ -85,8 +85,8 @@ like this:
 Then, add the allowed attributes to each service provider metadata, in the `attributes` option:
 
     $metadata['https://saml2sp.example.org'] = [
-        'AssertionConsumerService' => 'https://saml2sp.example.org/simplesaml/module.php/saml/sp/assertionConsumerService/default-sp',
-        'SingleLogoutService' => 'https://saml2sp.example.org/simplesaml/module.php/saml/sp/singleLogoutService/default-sp',
+        'AssertionConsumerService' => 'https://saml2sp.example.org/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp',
+        'SingleLogoutService' => 'https://saml2sp.example.org/simplesaml/module.php/saml/sp/saml2-logout.php/default-sp',
         ...
         'attributes' => ['cn', 'mail'],
         ...
@@ -96,8 +96,8 @@ Now, let's look to a couple of examples on how to filter out attribute values. F
 to be used by a service provider (among other attributes):
 
     $metadata['https://saml2sp.example.org'] = [
-        'AssertionConsumerService' => 'https://saml2sp.example.org/simplesaml/module.php/saml/sp/assertionConsumerService/default-sp',
-        'SingleLogoutService' => 'https://saml2sp.example.org/simplesaml/module.php/saml/sp/singleLogoutService/default-sp',
+        'AssertionConsumerService' => 'https://saml2sp.example.org/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp',
+        'SingleLogoutService' => 'https://saml2sp.example.org/simplesaml/module.php/saml/sp/saml2-logout.php/default-sp',
         ...
         'attributes' => [
             'uid',
diff --git a/modules/saml/routing/routes/routes.yaml b/modules/saml/routing/routes/routes.yaml
index cafab094d..9dd758d20 100644
--- a/modules/saml/routing/routes/routes.yaml
+++ b/modules/saml/routing/routes/routes.yaml
@@ -11,20 +11,14 @@ saml-sp-wrongAuthnContextClassRef:
     path:       /sp/wrongAuthnContextClassRef
     defaults:   { _controller: 'SimpleSAML\Module\saml\Controller\ServiceProvider::wrongAuthnContextClassRef' }
 saml-sp-assertionConsumerService:
-    path:       /sp/assertionConsumerService/{sourceId}
+    path:       /sp/saml2-acs.php/{sourceId}
     defaults:   { _controller: 'SimpleSAML\Module\saml\Controller\ServiceProvider::assertionConsumerService' }
 saml-sp-singleLogoutService:
-    path:       /sp/singleLogoutService/{sourceId}
+    path:       /sp/saml2-logout.php/{sourceId}
     defaults:   { _controller: 'SimpleSAML\Module\saml\Controller\ServiceProvider::singleLogoutService' }
 saml-sp-metadata:
     path:       /sp/metadata/{sourceId}
     defaults:   { _controller: 'SimpleSAML\Module\saml\Controller\ServiceProvider::metadata' }
-saml-legacy-sp-assertionConsumerService:
-    path:       /sp/saml2-acs.php/{sourceId}
-    defaults:   { _controller: 'SimpleSAML\Module\saml\Controller\ServiceProvider::assertionConsumerService', path: /saml/sp/assertionConsumerService, permanent: true }
-saml-legacy-sp-singleLogoutService:
-    path:       /sp/saml2-logout.php/{sourceId}
-    defaults:   { _controller: 'SimpleSAML\Module\saml\Controller\ServiceProvider::singleLogoutService', path: /saml/sp/singleLogoutService, permanent: true }
 saml-legacy-sp-metadata:
     path:       /sp/metadata.php/{sourceId}
     defaults:   { _controller: 'SimpleSAML\Module\saml\Controller\ServiceProvider::metadata', path: /saml/sp/metadata, permanent: true }
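Review bot: After the rename of `saml-sp-assertionConsumerService` and `saml-sp-singleLogoutService`, nothing is routed at `/sp/assertionConsumerService/{sourceId}` or `/sp/singleLogoutService/{sourceId}`. An IdP that registered those locations from a build that advertised them would get a not-found response when it posts a SAML message there. If such deployments can exist, keep one extra route entry per endpoint that maps the old path onto the same `_controller`. It should be an alias rather than a redirect, because a redirected HTTP-POST response generally loses its form body. Separately, the retained `saml-legacy-sp-metadata` entry carries `path:` and `permanent: true` defaults while pointing at `ServiceProvider::metadata`; whether those keys have any effect is not visible here and deserves a comment.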
diff --git a/modules/saml/src/Auth/Source/SP.php b/modules/saml/src/Auth/Source/SP.php
index f11afa9ba..dfe518fd4 100644
--- a/modules/saml/src/Auth/Source/SP.php
+++ b/modules/saml/src/Auth/Source/SP.php
@@ -357,19 +357,19 @@ class SP extends \SimpleSAML\Auth\Source
                 case Constants::BINDING_HTTP_POST:
                     $acs = [
                         'Binding' => Constants::BINDING_HTTP_POST,
-                        'Location' => Module::getModuleURL('saml/sp/assertionConsumerService/' . $this->getAuthId()),
+                        'Location' => Module::getModuleURL('saml/sp/saml2-acs.php/' . $this->getAuthId()),
                     ];
                     break;
                 case Constants::BINDING_HTTP_ARTIFACT:
                     $acs = [
                         'Binding' => Constants::BINDING_HTTP_ARTIFACT,
-                        'Location' => Module::getModuleURL('saml/sp/assertionConsumerService/' . $this->getAuthId()),
+                        'Location' => Module::getModuleURL('saml/sp/saml2-acs.php/' . $this->getAuthId()),
                     ];
                     break;
                 case Constants::BINDING_HOK_SSO:
                     $acs = [
                         'Binding' => Constants::BINDING_HOK_SSO,
-                        'Location' => Module::getModuleURL('saml/sp/assertionConsumerService/' . $this->getAuthId()),
+                        'Location' => Module::getModuleURL('saml/sp/saml2-acs.php/' . $this->getAuthId()),
                         'hoksso:ProtocolBinding' => Constants::BINDING_HTTP_REDIRECT,
                     ];
                     break;
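Review bot: The literal `'saml/sp/saml2-acs.php/'` now appears three times in this switch and again in the `setAssertionConsumerServiceURL()` call in the third hunk, and it must also match the `path` in routes.yaml, so a later rename can easily miss one site and leave the metadata and the AuthnRequest advertising different ACS URLs. A private helper would keep them together, e.g. `private function getAcsUrl(): string { return Module::getModuleURL('saml/sp/saml2-acs.php/' . $this->getAuthId()); }`, with the same treatment for the `saml2-logout.php` default in the second hunk. The third hunk also reads `$this->authId` where these lines call `$this->getAuthId()`; using one form throughout would be clearer. The enclosing method starts and ends outside the hunk.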
@@ -404,7 +404,7 @@ class SP extends \SimpleSAML\Auth\Source
                 Constants::BINDING_SOAP,
             ]
         );
-        $defaultLocation = Module::getModuleURL('saml/sp/singleLogoutService/' . $this->getAuthId());
+        $defaultLocation = Module::getModuleURL('saml/sp/saml2-logout.php/' . $this->getAuthId());
         $location = $this->metadata->getOptionalString('SingleLogoutServiceLocation', $defaultLocation);
 
         $endpoints = [];
@@ -439,7 +439,7 @@ class SP extends \SimpleSAML\Auth\Source
 
         $ar = Module\saml\Message::buildAuthnRequest($this->metadata, $idpMetadata);
 
-        $ar->setAssertionConsumerServiceURL(Module::getModuleURL('saml/sp/assertionConsumerService/' . $this->authId));
+        $ar->setAssertionConsumerServiceURL(Module::getModuleURL('saml/sp/saml2-acs.php/' . $this->authId));
 
         if (isset($state['\SimpleSAML\Auth\Source.ReturnURL'])) {
             $ar->setRelayState($state['\SimpleSAML\Auth\Source.ReturnURL']);
diff --git a/tests/modules/saml/src/Auth/Source/SPTest.php b/tests/modules/saml/src/Auth/Source/SPTest.php
index 3dfc5a2cf..58c4d3290 100644
--- a/tests/modules/saml/src/Auth/Source/SPTest.php
+++ b/tests/modules/saml/src/Auth/Source/SPTest.php
@@ -462,7 +462,7 @@ class SPTest extends ClearStateTestCase
         $this->assertIsArray($md['AssertionConsumerService']);
         foreach ($md['AssertionConsumerService'] as $acs) {
             $this->assertEquals(
-                'http://localhost/simplesaml/module.php/saml/sp/assertionConsumerService/' . $spId,
+                'http://localhost/simplesaml/module.php/saml/sp/saml2-acs.php/' . $spId,
                 $acs['Location']
             );
             $this->assertStringStartsWith('urn:oasis:names:tc:SAML:2.0:bindings', $acs['Binding']);
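Review bot: `assertEquals` compares loosely, so `assertSame` would pin the exact string for these `Location` values, here and in the holder-of-key assertion in the second hunk. Both hunks check only the metadata `Location`. Neither visibly covers the `AssertionConsumerServiceURL` set on the AuthnRequest or the `saml2-logout.php` default location, which this commit also changes in SP.php. If no other test in the file covers them, one assertion on each would guard against the request and the metadata drifting apart. The test method starts and ends outside the hunk.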
@@ -1382,7 +1382,7 @@ class SPTest extends ClearStateTestCase
         $this->assertIsArray($hok);
         $this->assertEquals('urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser', $hok['Binding']);
         $this->assertEquals(
-            'http://localhost/simplesaml/module.php/saml/sp/assertionConsumerService/' . $spId,
+            'http://localhost/simplesaml/module.php/saml/sp/saml2-acs.php/' . $spId,
             $hok['Location']
         );
         $this->assertEquals(2, $hok['index']);
-- 
GitLab